Facial authentication system

ABSTRACT

An authentication system accesses an image of a face of a user. The face of the user is partially covered by a facial mask. The authentication system detects an area on the facial mask and generates a first identification of the user based on the area on the facial mask. The authentication system also detects an exposed area uncovered by the facial mask on the face of the user and generates a second identification of the user based on the exposed area. The authentication system compares the first identification of the user with the second identification of the user, and authenticates the user based on the comparison.

TECHNICAL FIELD

The present application generally relates to the field of authenticationsystem, and in particular, relates to methods and systems for userauthentication using facial recognition.

BACKGROUND

Traditional facial recognition software typically relies on capturing asubstantial portion of a face of a person. As such, when the personcovers a portion of their face with a face mask, the facial recognitionsoftware may not properly operate. Other types of biometricauthentication software rely on a limited uncovered portion of the facesuch as the eyes. However, in such situation, a user who wears glasseswill need to remove his/her glasses and move his eyes closer to acamera. In other situation, the face mask may cover different parts ofthe face, making difficult for the biometric authentication software toproperly operate.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

To easily identify the discussion of any particular element or act, themost significant digit or digits in a reference number refer to thefigure number in which that element is first introduced.

FIG. 1 is a diagrammatic representation of a networked environment inwhich the present disclosure may be deployed, in accordance with someexample embodiments.

FIG. 2 illustrates an example operation of the authentication system inaccordance with one example embodiment.

FIG. 3 illustrates another example operation of the authenticationsystem in accordance with one example embodiment.

FIG. 4 illustrates an authentication system in accordance with oneexample embodiment.

FIG. 5 is a flow diagram illustrating a method for authenticating a userin accordance with one example embodiment.

FIG. 6 is a flow diagram illustrating a method for validating a user inaccordance with one example embodiment.

FIG. 7 illustrates a routine in accordance with one embodiment.

FIG. 8 is a diagrammatic representation of a machine in the form of acomputer system within which a set of instructions may be executed forcausing the machine to perform any one or more of the methodologiesdiscussed herein, according to an example embodiment.

DETAILED DESCRIPTION

Example methods and systems are directed to multiple camera calibrationin a distributed camera system. Examples merely typify possiblevariations. Unless explicitly stated otherwise, components and functionsare optional and may be combined or subdivided, and operations may varyin sequence or be combined or subdivided. In the following description,for purposes of explanation, numerous specific details are set forth toprovide a thorough understanding of example embodiments. It will beevident to one skilled in the art, however, that the present subjectmatter may be practiced without these specific details.

A camera of a computing device captures an image of a face of a user forauthentication. For example, the user is attempted to access physicalentry into a physical location or access application features of acomputer application. The user is wearing a facial mask that partiallyobstructs a portion of the face of the user. For example, a portion ofthe mouth and nose of the user is partially obstructed by the facialmask. An authentication system processes the image to authenticate theuser by identifying a first portion of the image and a second portion ofthe image.

The first portion of the image includes an image of the facial mask. Forexample, the image of the facial mask includes a written signaturedisplayed on the facial mask. In another example, the image of thefacial mask includes a graphical content (e.g., QR code, geometricpattern, unique image) that is uniquely associated with a useridentifier. In another example, the graphical content on the image canonly be viewed when illuminated with a light source from a non-humanvisible light spectrum. The authentication system accesses a signaturelibrary that maps users with their corresponding signatures. Theauthentication system then determines a first identification of the userbased on the signature on the facial mask and the signature library.

The second portion of the image includes an image of the exposed areasof the face of the user. For example, the exposed area includes the eyesof the user. The authentication system performs biometric measurements(e.g., relative distance and location between features of the eyes oreyebrows) on the exposed area to determine biometrics data. Theauthentication system determines a second identification of the userbased on the biometrics data.

The authentication system compares the first identification of the userwith the second identification of the user to authenticate the user. Forexample, if the first and second identification of the user are thesame, the user is validated and the user is allowed access. If the firstand second identification of the user are different, the system may denyaccess or may request the user to take off his/her facial mask, or topresent another exposed area of the face of the user.

In one example embodiment, the present application describes anauthentication system based on a partially exposed face of a user. Theauthentication system accesses an image of a face of a user. The face ofthe user is partially covered by a facial mask. The authenticationsystem detects an area on the facial mask and generates a firstidentification of the user based on the area on the facial mask. Theauthentication system also detects an exposed area uncovered by thefacial mask on the face of the user and generates a secondidentification of the user based on the exposed area. The authenticationsystem compares the first identification of the user with the secondidentification of the user, and authenticates the user based on thecomparison.

FIG. 1 is a diagrammatic representation of a network environment 100 inwhich some example embodiments of the present disclosure may beimplemented or deployed. One or more application servers 104 provideserver-side functionality via a network 102 to a networked user device(in the form of a client device 106 of the user 128) connected to acamera 130, A web client 110 (e.g., a browser) and a programmatic client108 (e.g., an “app”) are hosted and execute on the client device 106.The client device 106 can communicate with the application servers 104via the network 102 or via other wireless or wired means.

The camera 130 includes a camera that operates within a light spectrumvisible to the human eye. In another example, the camera operatesoutside the human-visible light spectrum. In one example, the camera 130is configured to capture an image of a face of a user 132.

An Application Program Interface (API) server 118 and a web server 120provide respective programmatic and web interfaces to applicationservers 104. A specific application server 116 hosts an authenticationsystem 122 that operates with the application server 116.

In one example embodiment, the authentication system 122 receives avideo/image from the camera 130. The authentication system 122identifies two portions of the image: a first portion that includes thefacial mask, and a second portion that includes an exposed area of theface of the user 132. The authentication system 122 determines a firstuser identification based on the first portion and a second useridentification based on the second portion. The first and second useridentification are compared to authenticate the user 132.

The operations performed by the authentication system 122 may be alsoperformed or distributed to another server such as a third-party server112. For example, the first or second user identification may bedetermined at the third-party server 112.

In another example embodiment, the camera 130 includes a processor and amemory. The memory of the camera 130 stores the authentication system122. The processor of the camera 130 is configured to performoperations/computations of the algorithms described further below withrespect to FIG. 4 of the authentication system 122. As such, in oneembodiment, the camera 130 can be a standalone device that is capable ofauthenticating user 132 without having to connect with the applicationservers 104 to identify the first or second user identification.

In another example embodiment, the computation of the algorithmsdescribed in authentication system 122 can be distributed acrossmultiple devices. For example, the portion of the computation thatdetermines the first user identification can be performed locally at thecamera 130 or the client device 106. The portion of the computation thatdetermines the second user identification can be performed at theapplication server 116 or at the third-party server 112. In yet anotherexample, the portion of the computation that determines the first useridentification can be performed at the third-party application 114 andthe portion that determines the second user identification can beperformed at the application server 116.

The web client 110 communicates with the authentication system 122 viathe web interface supported by the web server 120. Similarly, theprogrammatic client 108 communicates with the authentication system 122via the programmatic interface provided by the Application ProgramInterface (API) server 118. The third-party application 114 may, forexample, be another application to support the authentication system 122or mine the data from the authentication system 122. For example, thethird-party application 114 may access image/video data from the camera130. The application server 116 is shown to be communicatively coupledto database servers 124 that facilitates access to an informationstorage repository or databases 126 (e.g., user identification library,user biometrics library, user signature library). In an exampleembodiment, the databases 126 includes storage devices that storeinformation to be published and/or processed by the authenticationsystem 122.

FIG. 2 illustrates an example operation of the authentication system inaccordance with one example embodiment. The authentication system 122 isconnected (directly or indirectly via client device 106) to the camera130. The camera 130 captures an image of the face of the user 132. Theface of the user is partially covered by a facial mask 202. A signature204 is displayed on the facial mask 202. The user 132 may have signedthe signature 204 on the facial mask 202. The user may have written thesignature on the facial mask 202. In another example, the facial mask202 includes a graphic element such as a QR code, a bar code, agraphical design, or an image.

The authentication system 122 identifies a first portion (e.g., facialdetection area 206) of the image and a second portion (e.g., signaturedetection area 208) of the image. The first portion includes the exposedareas of the face of the user 132. For example, the first portion mayinclude an image of the eyes, hair, eyebrows, ears of the user. In otherwords, these exposed areas are not blocked by the facial mask 202.

The second portion includes the area including a front portion of thefacial mask 202. The front portion includes the portion that covers themouth of the user 132. In another example embodiment, the second portionincludes an image of the facial mask 202 and a portion of the string 210that retains the facial mask 202 to the face of the user. The portion ofthe string 210 may include a visually distinguishable pattern (e.g., barcode). In another example, each string include a portion of a bar code.

FIG. 3 illustrates another example operation of the authenticationsystem in accordance with one example embodiment. The authenticationsystem 122 is directly or indirectly connected to a light source (e.g.,UV light 302) that is directed to the face of the user 132. The lightsource may generate a light from a non-human visible spectrum to triggera display of the signature 204.

FIG. 4 illustrates an authentication system in accordance with oneexample embodiment. The authentication system 122 comprises a signaturearea detection module 402, a partial facial area detection module 404, asignature validation module 406, a partial facial area validation module408, a user validation module 410, a signature library 412, and abiometrics library 414.

The signature area detection module 402 detects the region of the imagethat includes the facial mask 202 (e.g., signature detection area 208).In one example, the signature area detection module 402 identifies aregion in the image that includes the facial mask 202 using an objectrecognition algorithm. Once the signature area detection module 402identifies the facial mask 202, the signature area detection module 402identifies a graphical content on the surface of the facial mask 202: asignature, a user-written content, a QR code, an image.

The signature validation module 406 compares the graphical content fromthe facial mask 202 with a signature library 412 to identify a firstuser identification. For example, the signature validation module 406compares the signature on the facial mask 202 with signatures from thesignature library 412 to retrieve a first user identificationcorresponding to the signature on the facial mask 202. In other exampleembodiments, the signature library 412 includes a graphical contentlibrary that maps graphical elements (e.g., QR code) to users.

In one example embodiment, a user can record his/her signature in thesignature library 412 by providing an image of his/her signature (e.g.,signature signed on the facial mask 202) to the signature library 412.The signature library 412 associates the provided signature with theuser. In other examples, the user may provide other types of visualcontent hand drawn patterns, QR code, bar code, or any uniquelyidentifiable graphic content or element).

The partial facial area detection module 404 detects the region of theimage that includes exposed areas of the face of the user 132. (e.g.,facial detection area 206). In one example, the partial facial areadetection module 404 identifies a region in the image that includesexposed areas of the face of the user 132. The partial facial areavalidation module 408 determines biometrics data based on the exposedareas of the face of the user 132. In another example, the partialfacial area detection module 404 determines biometrics data based on theexposed areas of the face of the user 132. The partial facial areavalidation module 408 compares the biometrics data of the user 132 withthe biometrics library 414 to retrieve a second user identificationcorresponding to the biometrics data of the user 132.

The user validation module 410 compares the first user identificationwith the second user identification to validate an identity of the user132. For example, if the first user identification and the second useridentification are the same, the identity of the user 132 isauthenticated and the authentication system 122 communicates thevalidation to another application to process access, if the first useridentification and the second user identification are different, theidentity of the user 132 cannot be verified and validated. Theauthentication system 122 may communicate the un-authentication toanother application to deny access.

FIG. 5 is a flow diagram illustrating a method for authenticating a userin accordance with one example embodiment. Operations in the method 500may be performed by the authentication system 122, using components(e.g., modules, engines) described above with respect to FIG. 4.Accordingly, the method 600 is described by way of example withreference to the authentication system 122. However, it shall beappreciated that at least some of the operations of the method 500 maybe deployed on various other hardware configurations or be performed bysimilar components residing elsewhere. For example, some of theoperations may be performed at the client device 106.

At block 502, the camera 130 captures an image of the face of the userwearing a facial mask 202. At block 504, the signature area detectionmodule 402 identifies a face mask area and detects a signature in theface mask area. At block 506, the partial facial area detection module404 identifies an exposed face area and determines biometrics data basedon the exposed face area. At block 508, the user validation module 410authenticates a user based on the signature validation and biometricsdata validation.

FIG. 6 is a flow diagram illustrating a method 600 for validating a userin accordance with one example embodiment. Operations in the method 600may be performed by the authentication system 122, using components(e.g., modules, engines) described above with respect to FIG. 4.Accordingly, the method 600 is described by way of example withreference to the authentication system 122. However, it shall beappreciated that at least some of the operations of the method 600 maybe deployed on various other hardware configurations or be performed bysimilar components residing elsewhere. For example, some of theoperations may be performed at the client device 106.

At block 602, the signature area detection module 402 detects asignature on the facial mask 202. At block 604, the signature validationmodule 406 determines a first user identification based on thesignature. In one example, the signature validation module 406determines the first user identification based on a combination of thecontent displayed on the facial mask 202 and graphical patterns on thestring 210 of the facial mask 202.

At block 606, the partial facial area detection module 404 determinesbiometrics data based on the exposed facial area. At block 608, thepartial facial area validation module 408 determines second useridentification based on the biometrics. At 610, the user validationmodule 410 compares the first user identification with the second useridentification. At 612, the user validation module 410 validates a userauthentication based on the comparison. In one example, the uservalidation module 410 detects that the first user identification doesnot match the second user identification, and requests the partialfacial area detection module 404 or partial facial area validationmodule 408 to compute another biometrics data based on other exposedarea of the face of the user 132 to generate a third useridentification. For example, the partial facial area detection module404 may calculate biometrics data based on eye brows location instead ofeye location. In another example, the user validation module 410 detectsthat the first user identification does not match the second useridentification, and requests that the user further expose addition areasof his face to recompute the second user identification. In anotherexample, the user validation module 410 detects that the first useridentification does not match the second user identification, andrequests that the user removes the facial mask 202.

FIG. 7 is a flow diagram illustrating a routine 700. In block 702,routine 700 accesses an image of a face of a user, the face beingpartially covered by a facial mask. In block 704, routine 700 detects anarea on the facial mask block 706, routine 700 generates, at a computer,a first identification of the user based on the area on the facial mask.In block 708, routine 700 detects an exposed area uncovered by thefacial mask on the face of the user. In block 710, routine 700generates, at the computer, a second identification of the user based onthe exposed area. In block 712, routine 700 compares the firstidentification of the user with the second identification of the user.In block 714, routine 700 authenticates, at the computer, the user basedon the comparison.

FIG. 8 is a diagrammatic representation of the machine 800 within whichinstructions 808 (e.g., software, a program, an application, an applet,an app, or other executable code) for causing the machine 800 to performany one or more of the methodologies discussed herein may be executed.For example, the instructions 808 may cause the machine 800 to executeany one or more of the methods described herein. The instructions 808transform the general, non-programmed machine 800 into a particularmachine 800 programmed to carry out the described and illustratedfunctions in the manner described. The machine 800 may operate as astandalone device or may be coupled (e.g., networked) to other machines.In a networked deployment, the machine 800 may operate in the capacityof a server machine or a client machine in a server-client networkenvironment, or as a peer machine in a peer-to-peer (or distributed)network environment. The machine 800 may comprise, but not be limitedto, a server computer, a client computer, a personal computer (PC), atablet computer, a laptop computer, a netbook, a set-top box (STB), aPDA, an entertainment media system, a cellular telephone, a smart phone,a mobile device, a wearable device (e.g., a smart watch), a smart homedevice (e.g., a smart appliance), other smart devices, a web appliance,a network router, a network switch, a network bridge, or any machinecapable of executing the instructions 808, sequentially or otherwise,that specify actions to be taken by the machine 800. Further, while onlya single machine 800 is illustrated, the term “machine” shall also betaken to include a collection of machines that individually or jointlyexecute the instructions 808 to perform any one or more of themethodologies discussed herein.

The machine 800 may include processors 802, memory 804, and I/Ocomponents 842, which may be configured to communicate with each othervia a bus 844. In an example embodiment, the processors 802 (e.g., aCentral Processing Unit (CPU), a Reduced Instruction Set Computing(RISC) processor, a Complex Instruction Set Computing (CISC) processor,a Graphics Processing Unit (GPU), a Digital Signal Processor (DSP), anASIC, a Radio-Frequency Integrated Circuit (RFIC), another processor, orany suitable combination thereof) may include, for example, a processor806 and a processor 810 that execute the instructions 808. The term“processor” is intended to include multi-core processors that maycomprise two or more independent processors (sometimes referred to as“cores”) that may execute instructions contemporaneously. Although FIG.8 shows multiple processors 802, the machine 800 may include a singleprocessor with a single core, a single processor with multiple cores(e.g., a multi-core processor), multiple processors with a single core,multiple processors with multiples cores, or any combination thereof.

The memory 804 includes a main memory 812, a static memory 814, and astorage unit 816, both accessible to the processors 802 via the bus 844.The main memory 804, the static memory 814, and storage unit 816 storethe instructions 808 embodying any one or more of the methodologies orfunctions described herein. The instructions 808 may also reside,completely or partially, within the main memory 812, within the staticmemory 814, within machine-readable medium 818 within the storage unit816, within at least one of the processors 802 (e.g., within theprocessor's cache memory), or any suitable combination thereof, duringexecution thereof by the machine 800.

The I/O components 842 may include a wide variety of components toreceive input, provide output, produce output, transmit information,exchange information, capture measurements, and so on. The specific I/Ocomponents 842 that are included in a particular machine will depend onthe type of machine. For example, portable machines such as mobilephones may include a touch input device or other such input mechanisms,while a headless server machine will likely not include such a touchinput device. It will be appreciated that the I/O components 842 mayinclude many other components that are not shown in FIG. 8. In variousexample embodiments, the I/O components 842 may include outputcomponents 828 and input components 830. The output components 828 mayinclude visual components (e.g., a display such as a plasma displaypanel (PDP), a light emitting diode (LEI)) display, a liquid crystaldisplay (LCD), a projector, or a cathode ray tube (CRT)), acousticcomponents (e.g., speakers), haptic components (e.g., a vibratory motor,resistance mechanisms), other signal generators, and so forth. The inputcomponents 830 may include alphanumeric input components (e.g., akeyboard, a touch screen configured to receive alphanumeric input, aphoto-optical keyboard, or other alphanumeric input components),point-based input components (e.g., a mouse, a touchpad, a trackball, ajoystick, a motion sensor, or another pointing instrument), tactileinput components (e.g., a physical button, a touch screen that provideslocation and/or force of touches or touch gestures, or other tactileinput components), audio input components (e.g., a microphone), and thelike.

In further example embodiments, the I/O components 842 may includebiometric components 832, motion components 834, environmentalcomponents 836, or position components 838, among a wide array of othercomponents. For example, the biometric components 832 include componentsto detect expressions (e.g., hand expressions, facial expressions, vocalexpressions, body, gestures, or eye tracking), measure biosignals (e.g.,blood pressure, heart rate, body temperature, perspiration, or brainwaves), identify a person (e.g., voice identification, retinalidentification, facial identification, fingerprint identification, orelectroencephalogram-based identification), and the like. The motioncomponents 834 include acceleration sensor components accelerometer),gravitation sensor components, rotation sensor components (e.g.,gyroscope), and so forth. The environmental components 836 include, forexample, illumination sensor components photometer), temperature sensorcomponents (e.g., one or more thermometers that detect ambienttemperature), humidity sensor components, pressure sensor components(e.g., barometer), acoustic sensor components (e.g., one or moremicrophones that detect background noise), proximity sensor components(e.g., infrared sensors that detect nearby objects), gas sensors (e.g.,gas detection sensors to detection concentrations of hazardous gases forsafety or to measure pollutants in the atmosphere), or other componentsthat may provide indications, measurements, or signals corresponding toa surrounding physical environment. The position components 838 includelocation sensor components (e.g., a GPS receiver component), altitudesensor components (e.g., altimeters or barometers that detect airpressure from which altitude may be derived), orientation sensorcomponents (e.g., magnetometers), and the like.

Communication may be implemented using a wide variety of technologies.The I/O components 842 further include communication components 840operable to couple the machine 800 to a network 820 or devices 822 via acoupling 824 and a coupling 826, respectively. For example, thecommunication components 840 may include a network interface componentor another suitable device to interface with the network 820. In furtherexamples, the communication components 840 may include wiredcommunication components, wireless communication components, cellularcommunication components, Near Field Communication (NFC) components,Bluetooth® components (e.g., Bluetooth® Low Energy), Wi-Fi® components,and other communication components to provide communication via othermodalities. The devices 822 may be another machine or any of a widevariety of peripheral devices (e.g., a peripheral device coupled via aUSB).

Moreover, the communication components 840 may detect identifiers orinclude components operable to detect identifiers. For example, thecommunication components 840 may include Radio Frequency Identification(RFID) tag reader components, NFC smart tag detection components,optical reader components (e.g., an optical sensor to detectone-dimensional bar codes such as Universal Product Code (UPC) bar code,multi-dimensional bar codes such as Quick Response (QR) code, Azteccode, Data Matrix, Dataglyph, MaxiCode, PDF417, Ultra Code, UCC RSS-2Dbar code, and other optical codes), or acoustic detection components(e.g., microphones to identify tagged audio signals). In addition, avariety of information may be derived via the communication components840, such as location via Internet Protocol (IP) geolocation, locationvia Wi-Fi® signal triangulation, location via detecting an NFC beaconsignal that may indicate a particular location, and so forth.

The various memories (e.g., memory 804, main memory 812, static memory814, and/or memory of the processors 802) and/or storage unit 816 maystore one or more sets of instructions and data structures (e.g.,software) embodying or used by any one or more of the methodologies orfunctions described herein. These instructions (e.g., the instructions808), when executed by processors 802, cause various operations toimplement the disclosed embodiments.

The instructions 808 may be transmitted or received over the network820, using a transmission medium, via a network interface device (e.g.,a network interface component included in the communication components840) and using any one of a number of well-known transfer protocols(e.g., hypertext transfer protocol (HTTP)). Similarly, the instructions808 may be transmitted or received using a transmission medium via thecoupling 826 (e.g., a peer-to-peer coupling) to the devices 822.

Although an embodiment has been described with reference to specificexample embodiments, it will be evident that various modifications andchanges may be made to these embodiments without departing from thebroader scope of the present disclosure. Accordingly, the specificationand drawings are to be regarded in an illustrative rather than arestrictive sense. The accompanying drawings that form a part hereof,show by way of illustration, and not of limitation, specific embodimentsin which the subject matter may be practiced. The embodimentsillustrated are described in sufficient detail to enable those skilledin the art to practice the teachings disclosed herein. Other embodimentsmay be utilized and derived therefrom, such that structural and logicalsubstitutions and changes may be made without departing from the scopeof this disclosure. This Detailed Description, therefore, is not to betaken in a limiting sense, and the scope of various embodiments isdefined only by the appended claims, along with the full range ofequivalents to which such claims are entitled.

Such embodiments of the inventive subject matter may be referred toherein, individually and/or collectively, by the term “invention” merelyfor convenience and without intending to voluntarily limit the scope ofthis application to any single invention or inventive concept if morethan one is in fact disclosed. Thus, although specific embodiments havebeen illustrated and described herein, it should be appreciated that anyarrangement calculated to achieve the same purpose may be substitutedfor the specific embodiments shown. This disclosure is intended to coverany and all adaptations or variations of various embodiments.Combinations of the above embodiments, and other embodiments notspecifically described herein, will be apparent to those of skill in theart upon reviewing the above description.

The Abstract of the Disclosure is provided to allow the reader toquickly ascertain the nature of the technical disclosure. It issubmitted with the understanding that it will not be used to interpretor limit the scope or meaning of the claims. In addition, in theforegoing Detailed Description, it can be seen that various features aregrouped together in a single embodiment for the purpose of streamliningthe disclosure. This method of disclosure is not to be interpreted asreflecting an intention that the claimed embodiments require morefeatures than are expressly recited in each claim. Rather, as thefollowing claims reflect, inventive subject matter lies in less than allfeatures of a single disclosed embodiment. Thus the following claims arehereby incorporated into the Detailed Description, with each claimstanding on its own as a separate embodiment.

EXAMPLES

Example 1 is a computer-implemented method comprising: accessing animage of a face of a user, the face being partially covered by a facialmask; detecting an area on the facial mask; generating, at a computer, afirst identification of the user based on the area on the facial mask;detecting an exposed area uncovered by the facial mask on the face ofthe user; generating, at the computer, a second identification of theuser based on the exposed area; comparing the first identification ofthe user with the second identification of the user; and authenticating,at the computer, the user based on the comparison.

Example 2 includes example 1, wherein the area on the facial maskincludes a user signature.

Example 3 includes example 2, wherein generating the firstidentification of the user further comprises: accessing a user signaturelibrary, the user signature library comprising a library of useridentifiers and corresponding signature images; comparing the usersignature with the user signature library; and determining the firstidentification of the user based on comparing the written signature withthe user signature library.

Example 4 includes example 2, wherein the user signature includes inkthat is not visible to a human eye, wherein detecting the area on thefacial mask further comprises: illuminating the facial mask with a lightsource operating at a light spectrum that renders the ink visible to acamera; and capturing an image of the written signature with the camera,wherein generating the first identification of the user is based on theimage of the user signature.

Example 5 includes example 1, further comprising: illuminating thefacial mask with a light operating at a light spectrum that renders acontent of the area visible to a camera; and capturing an image of thecontent of the area with the camera, wherein generating the firstidentification of the user is based on the image of the content.

Example 6 includes example 1, wherein the area on the facial maskincludes a visual element, wherein generating the first identificationof the user further comprises: accessing a user identification library,the user identification library comprising a library of user identifiersand corresponding visual elements; comparing the visual element with theuser identification library; and determining the first identification ofthe user based on comparing the visual element with the useridentification library.

Example 7 includes example 1, wherein the area on the facial maskincludes a first visual element visible to a camera, and a second visualelement visible to the camera only when exposed to a light sourceoperating at a non-human visible light spectrum, wherein generating thefirst identification of the user further comprises: accessing a useridentification library, the user identification library comprising alibrary of user identifiers and corresponding visual elements; comparingthe first visual element and the second visual element with the useridentification library; and determining the first identification of theuser based on comparing the first visual element and the second visualelement with the user identification library.

Example 8 includes example 1; wherein detecting the exposed areauncovered by the facial mask on the face of the user further comprises:determining biometrics data based on the exposed area, whereingenerating the second identification of the user based on the exposedarea further comprises: comparing the determined biometrics data withbiometrics data from a biometrics library, the biometric librarycomprising a library of biometrics data and corresponding useridentifiers; and determining the second identification of the user basedon comparing the determined biometrics data with the biometrics library.

Example 9 includes example 1, further comprising: determining that thefirst identification of the user and the second identification indicatethe same user; and in response to the first and second identificationbeing the same, validating an identity of the user.

Example 10 includes example 1, further comprising: determining that thefirst identification of the user is the different from the secondidentification of the user; and in response to the first identificationbeing different from the second identification, detecting a secondexposed area uncovered by the facial mask on the face of the user;generating, at the computer, a third identification of the user based onthe second exposed area; determining that the first identification andthe third identification indicate the same user; and in response to thefirst and third identification being the same, validating an identity ofthe user.

What is claimed is:
 1. A computer-implemented method comprising:accessing an image of a face of a user, the face being partially coveredby a facial mask; detecting an area on the facial mask; generating, at acomputer, a first identification of the user based on the area on thefacial mask; detecting an exposed area uncovered by the facial mask onthe face of the user; generating, at the computer, a secondidentification of the user based on the exposed area; comparing thefirst identification of the user with the second identification of theuser; and authenticating, at the computer, the user based on thecomparison.
 2. The computer-implemented method of claim 1, wherein thearea on the facial mask includes a user signature.
 3. Thecomputer-implemented method of claim 2, wherein generating the firstidentification of the user further comprises: accessing a user signaturelibrary, the user signature library comprising a library of useridentifiers and corresponding signature images; comparing the usersignature with the user signature library; and determining the firstidentification of the user based on comparing the written signature withthe user signature library.
 4. The computer-implemented method of claim2, wherein the user signature includes ink that is not visible to ahuman eye, wherein detecting the area on the facial mask furthercomprises: illuminating the facial mask with a light source operating ata light spectrum that renders the ink visible to a camera; and capturingan image of the written signature with the camera, wherein generatingthe first identification of the user is based on the image of the usersignature.
 5. The computer-implemented method of claim 1, furthercomprising: illuminating the facial mask with a light operating at alight spectrum that renders a content of the area visible to a camera;and capturing an image of the content of the area with the camera,wherein generating the first identification of the user is based on theimage of the content.
 6. The computer-implemented method of claim 1,wherein the area on the facial mask includes a visual element, whereingenerating the first identification of the user further comprises:accessing a user identification library, the user identification librarycomprising a library of user identifiers and corresponding visualelements; comparing the visual element with the user identificationlibrary; and determining the first identification of the user based oncomparing the visual element with the user identification library. 7.The computer-implemented method of claim 1, wherein the area on thefacial mask includes a first visual element visible to a camera, and asecond visual element visible to the camera only when exposed to a lightsource operating at a non-human visible light spectrum, whereingenerating the first identification of the user further comprises:accessing a user identification library, the user identification librarycomprising a library of user identifiers and corresponding visualelements; comparing the first visual element and the second visualelement with the user identification library; and determining the firstidentification of the user based on comparing the first visual elementand the second visual element with the user identification library. 8.The computer-implemented method of claim 1, wherein detecting theexposed area uncovered by the facial mask on the face of the userfurther comprises: determining biometrics data based on the exposedarea, wherein generating the second identification of the user based onthe exposed area further comprises: comparing the determined biometricsdata with biometrics data from a biometrics library, the biometriclibrary comprising a library of biometrics data and corresponding useridentifiers; and determining the second identification of the user basedon comparing the determined biometrics data with the biometrics library.9. The computer-implemented method of claim 1, further comprising:determining that the first identification of the user and the secondidentification indicate the same user; and in response to the first andsecond identification being the same, validating an identity of theuser.
 10. The computer-implemented method of claim 1, furthercomprising: determining that the first identification of the user is thedifferent from the second identification of the user; and in response tothe first identification being different from the second identification,detecting a second exposed area uncovered by the facial mask on the faceof the user; generating, at the computer, a third identification of theuser based on the second exposed area; determining that the firstidentification and the third identification indicate the same user; andin response to the first and third identification being the same,validating an identity of the user.
 11. A computing apparatuscomprising: a processor; and a memory storing instructions that, whenexecuted by the processor, configure the apparatus to: access an imageof a face of a user, the face being partially, covered by a facial mask;detect an area on the facial mask; generate, at a computer, a firstidentification of the user based on the area on the facial mask; detectan exposed area uncovered by facial mask on the face of the user;generate, at the computer, a second identification of the user based onthe exposed area; compare the first identification of the user with thesecond identification of the user; and authenticate, at the computer,the user based on the comparison.
 12. The computing apparatus of claim11, wherein the area on the facial mask includes a user signature. 13.The computing apparatus of claim 12, wherein generating the firstidentification of the user further comprises: access a user signaturelibrary, the user signature library comprising a library of useridentifiers and corresponding signature images; compare the usersignature with the user signature library; and determine the firstidentification of the user based on comparing the written signature withthe user signature library.
 14. The computing apparatus of claim 12,wherein the user signature includes ink that is not visible to a humaneye, wherein detecting the area on the facial mask further comprises:illuminate the facial mask with a light source operating at a lightspectrum that renders the ink visible to a camera; and capture an imageof the written signature with the camera, wherein generating the firstidentification of the user is based on the image of the user signature.15. The computing apparatus of claim 11, wherein the instructionsfurther configure the apparatus to: illuminate the facial mask with alight operating at a light spectrum that renders a content of the areavisible to a camera; and capture an image of the content of the areawith the camera, wherein generating the first identification of the useris based on the image of the content.
 16. The computing apparatus ofclaim 11, wherein the area on the facial mask includes a visual element,wherein generating the first identification of the user furthercomprises: access a user identification library, the user identificationlibrary comprising a library of user identifiers and correspondingvisual elements; compare the visual element with the user identificationlibrary; and determine the first identification of the user based oncomparing the visual element with the user identification library. 17.The computing apparatus of claim 11, wherein the area on the facial maskincludes a first visual element visible to a camera, and a second visualelement visible to the camera only when exposed to a light sourceoperate at a non-human visible light spectrum, wherein generating thefirst identification of the user further comprises: access a useridentification library, the user identification library comprising alibrary of user identifiers and corresponding visual elements; comparethe first visual element and the second visual element with the useridentification library; and determine the first identification of theuser based on comparing the first visual element and the second visualelement with the user identification library.
 18. The computingapparatus of claim 11, wherein detecting the exposed area uncovered bythe facial mask on the face of the user further comprises: determinebiometrics data based on the exposed area, wherein generating the secondidentification of the user based on the exposed area further comprises:compare the determined biometrics data with biometrics data from abiometrics library, the biometric library comprising a library ofbiometrics data and corresponding user identifiers; and determine thesecond identification of the user based on comparing the determinedbiometrics data with the biometrics library.
 19. The computing apparatusof claim 11, wherein the instructions further configure the apparatusto: determine that the first identification of the user and the secondidentification indicate the same user; and in response to the first andsecond identification being the same; validate an identity of the user.20. A non-transitory computer-readable storage medium, thecomputer-readable storage medium including instructions that whenexecuted by a computer, cause the computer to: access an image of a faceof a user, the face being partially covered by a facial mask; detect anarea on the facial mask; generate, at a computer, a first identificationof the user based on the area on the facial mask; detect an exposed areauncovered by the facial mask on the face of the user; generate, at thecomputer, a second identification of the user based on the exposed area;compare the first identification of the user with the secondidentification of the user; and authenticate, at the computer, the userbased on the comparison.